Fix some minor resource leaks in PerformRadiusTransaction().

tglsfdc · tglsfdc · commit 7cbd94466285 · 2017-03-26T17:02:38.000-04:00
Failure to free serveraddrs pointed out by Coverity, failure to close
socket noted by code-reading.  These bugs seem to be quite old, but
given the low probability of taking these error-exit paths and the
minimal consequences of the leaks (since the process would presumably
exit shortly anyway), it doesn't seem worth back-patching.

Michael Paquier and Tom Lane
diff --git a/src/backend/libpq/auth.c b/src/backend/libpq/auth.c
@@ -2793,6 +2793,7 @@ PerformRadiusTransaction(char *server, char *secret, char *portstr, char *identi
 	{
 		ereport(LOG,
 				(errmsg("could not generate random encryption vector")));
+		pg_freeaddrinfo_all(hint.ai_family, serveraddrs);
 		return STATUS_ERROR;
 	}
 	packet->id = packet->vector[0];
@@ -2827,6 +2828,7 @@ PerformRadiusTransaction(char *server, char *secret, char *portstr, char *identi
 			ereport(LOG,
 					(errmsg("could not perform MD5 encryption of password")));
 			pfree(cryptvector);
+			pg_freeaddrinfo_all(hint.ai_family, serveraddrs);
 			return STATUS_ERROR;
 		}
 
@@ -2842,7 +2844,7 @@ PerformRadiusTransaction(char *server, char *secret, char *portstr, char *identi
 
 	radius_add_attribute(packet, RADIUS_PASSWORD, encryptedpassword, encryptedpasswordlen);
 
-	/* Length need to be in network order on the wire */
+	/* Length needs to be in network order on the wire */
 	packetlength = packet->length;
 	packet->length = htons(packet->length);
 
@@ -2868,6 +2870,7 @@ PerformRadiusTransaction(char *server, char *secret, char *portstr, char *identi
 	localaddr.sin_addr.s_addr = INADDR_ANY;
 	addrsize = sizeof(struct sockaddr_in);
 #endif
+
 	if (bind(sock, (struct sockaddr *) & localaddr, addrsize))
 	{
 		ereport(LOG,
@@ -2964,6 +2967,7 @@ PerformRadiusTransaction(char *server, char *secret, char *portstr, char *identi
 		{
 			ereport(LOG,
 					(errmsg("could not read RADIUS response: %m")));
+			closesocket(sock);
 			return STATUS_ERROR;
 		}
 

Original file line number	Diff line number	Diff line change
`@@ -2793,6 +2793,7 @@ PerformRadiusTransaction(char server, char secret, char portstr, char identi`
`2793`	`2793`	`{`
`2794`	`2794`	`ereport(LOG,`
`2795`	`2795`	`(errmsg("could not generate random encryption vector")));`
	`2796`	`+ pg_freeaddrinfo_all(hint.ai_family, serveraddrs);`
`2796`	`2797`	`return STATUS_ERROR;`
`2797`	`2798`	`}`
`2798`	`2799`	`packet->id = packet->vector[0];`
`@@ -2827,6 +2828,7 @@ PerformRadiusTransaction(char server, char secret, char portstr, char identi`
`2827`	`2828`	`ereport(LOG,`
`2828`	`2829`	`(errmsg("could not perform MD5 encryption of password")));`
`2829`	`2830`	`pfree(cryptvector);`
	`2831`	`+ pg_freeaddrinfo_all(hint.ai_family, serveraddrs);`
`2830`	`2832`	`return STATUS_ERROR;`
`2831`	`2833`	`}`
`2832`	`2834`
`@@ -2842,7 +2844,7 @@ PerformRadiusTransaction(char server, char secret, char portstr, char identi`
`2842`	`2844`
`2843`	`2845`	`radius_add_attribute(packet, RADIUS_PASSWORD, encryptedpassword, encryptedpasswordlen);`
`2844`	`2846`
`2845`		`- /* Length need to be in network order on the wire */`
	`2847`	`+ /* Length needs to be in network order on the wire */`
`2846`	`2848`	`packetlength = packet->length;`
`2847`	`2849`	`packet->length = htons(packet->length);`
`2848`	`2850`
`@@ -2868,6 +2870,7 @@ PerformRadiusTransaction(char server, char secret, char portstr, char identi`
`2868`	`2870`	`localaddr.sin_addr.s_addr = INADDR_ANY;`
`2869`	`2871`	`addrsize = sizeof(struct sockaddr_in);`
`2870`	`2872`	`#endif`
	`2873`	`+`
`2871`	`2874`	`if (bind(sock, (struct sockaddr *) & localaddr, addrsize))`
`2872`	`2875`	`{`
`2873`	`2876`	`ereport(LOG,`
`@@ -2964,6 +2967,7 @@ PerformRadiusTransaction(char server, char secret, char portstr, char identi`
`2964`	`2967`	`{`
`2965`	`2968`	`ereport(LOG,`
`2966`	`2969`	`(errmsg("could not read RADIUS response: %m")));`
	`2970`	`+ closesocket(sock);`
`2967`	`2971`	`return STATUS_ERROR;`
`2968`	`2972`	`}`
`2969`	`2973`